Re: [squid-users] https --> http reverse proxy problem

From: Amos Jeffries <[email protected]>
Date: Wed, 02 Apr 2008 22:07:03 +1300

Mirabello Massimiliano wrote:
>
>
>> -----Original Message-----
>> From: Mirabello Massimiliano
>
>>> -----Original Message-----
>>> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
>>> Sent: Wednesday, April 02, 2008 1:11 AM
>>> To: Mirabello Massimiliano
>>> Cc: Squid Users
>>> Subject: Re: [squid-users] https --> http reverse proxy problem
>>>
>>> tis 2008-04-01 klockan 17:55 +0200 skrev Mirabello Massimiliano:
>>>> My cache.log reports:
>>>> 2008/04/01 17:53:50| clientNegotiateSSL: Error negotiating SSL
>>>> connection on FD 11: error:140B512D:SSL
>>>> routines:SSL_GET_NEW_SESSION:ssl session id callback failed (1/-1)
>>> Hmm.. that's a new one.
>>>
>>> Which version of OpenSSL are you using?
>>>
>> IPAHU016 > openssl version
>> OpenSSL 0.9.6k 30 Sep 2003
>>
>>> Try setting sslcontext=something on your https_port, may make a
>>> difference (very related to session ids).
>>>
>> I tried but nothing changed. Still get the same error.
>>
>>
>>
>
> I think I found where the problem is:
>
> IPAHU016 > squid -v
> Squid Cache: Version 2.6.STABLE16
> configure options: '--prefix=/opt/iexpress/squid' '--enable-carp'
> '--enable-storeio=ufs,null,coss,diskd,aufs' '--enable-pthreads'
> '--enable-removal-policies=heap,lru' '--enable-icmp'
> '--enable-delay-pools' '--enable-kill-parent-hack' '--enable-snmp'
> '--enable-cachemgr-hostname' '--enable-htcp' '--enable-forw-via-db'
> '--enable-cache-digests' '--enable-underscores'
> '--enable-basic-auth-helpers=LDAP,SMB,MSNT,NCSA,PAM,YP,multi-domain-NTLM
> ' '--enable-ssl' *****'--with-openssl=/opt/openssl'
> *****'--enable-ntlm-auth-helpers=SMB,fakeauth'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_grou
> p' '--enable-ntlm-fail-open' '--enable-x-accelerator-vary' 'CC=gcc
> -static-libgcc ' 'CFLAGS=-g' 'LDFLAGS=-Wl,+nodefaultrpath
> -L/opt/openssl/lib -L/opt/iexpress/openldap/lib -L/usr/local/lib
> -L/usr/lib' 'CPPFLAGS=-I/opt/iexpress/openldap/include
> -I/opt/openssl/include'
>
> IPAHU016 > ls -ltr /opt/openssl
> /opt/openssl not found
>
>
> The binary package I use has been compiled with option
> '--with-openssl=/opt/openssl', so I think squid looks for openssl in
> /opt and doesn't find it.
>
> There is a way to instruct squid to look for openssl on other path?

You could re-compile from sources.

OR you could make that path exist as a symlink to where its supposed to
be on your system.

Amos

-- 
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
Received on Wed Apr 02 2008 - 03:06:53 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT